From: Anders Roxell <anders.roxell@linaro.org>
To: will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com,
james.morse@arm.com, ebiederm@xmission.com, elver@google.com
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, arnd@arndb.de
Subject: BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
Date: Wed, 21 Dec 2022 15:54:36 +0100 [thread overview]
Message-ID: <20221221145436.GF69385@mutt> (raw)
Hey,
I'm building an allmodconfig kernel on yesterdays linux-next (tag:
next-20221220) and I see a
"BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation"
when I boot up in QEMU. I ran the output via
scripts/decode_stacktrace.sh and this is what I see:
[ 2105.261121][ T154] ==================================================================
[ 2105.266067][ T154] BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
[ 2105.271577][ T154]
[ 2105.273121][ T154] write to 0xffff8000210b3fb8 of 8 bytes by task 136 on cpu 0:
[ 2105.277743][ T154] spectre_v4_enable_task_mitigation (/home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:651 /home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:664)
[ 2105.281802][ T154] __switch_to (/home/anders/src/kernel/next/arch/arm64/kernel/process.c:459 /home/anders/src/kernel/next/arch/arm64/kernel/process.c:532)
[ 2105.284670][ T154] __schedule (/home/anders/src/kernel/next/kernel/sched/core.c:5247 /home/anders/src/kernel/next/kernel/sched/core.c:6555)
[ 2105.287555][ T154] preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:70 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:98 /home/anders/src/kernel/next/kernel/sched/core.c:6868)
[ 2105.290857][ T154] arm64_preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:237)
[ 2105.294433][ T154] el1_interrupt (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:476 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:486)
[ 2105.297433][ T154] el1h_64_irq_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:492)
[ 2105.300718][ T154] el1h_64_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:580)
[ 2105.303497][ T154] arch_local_irq_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/jump_label.h:21 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:130)
[ 2105.306750][ T154] fs_reclaim_acquire (/home/anders/src/kernel/next/mm/page_alloc.c:4691)
[ 2105.310118][ T154] slab_pre_alloc_hook.constprop.0 (/home/anders/src/kernel/next/include/linux/sched/mm.h:272 /home/anders/src/kernel/next/mm/slab.h:720)
[ 2105.313966][ T154] slab_alloc_node.isra.0 (/home/anders/src/kernel/next/mm/slub.c:3434)
[ 2105.317343][ T154] __kmem_cache_alloc_lru (/home/anders/src/kernel/next/mm/slub.c:3469)
[ 2105.320659][ T154] kmem_cache_alloc (/home/anders/src/kernel/next/mm/slub.c:3477)
[ 2105.323673][ T154] getname_flags (/home/anders/src/kernel/next/fs/namei.c:139)
[ 2105.326703][ T154] getname (/home/anders/src/kernel/next/fs/namei.c:218)
[ 2105.329377][ T154] do_sys_openat2 (/home/anders/src/kernel/next/fs/open.c:1304)
[ 2105.332352][ T154] __arm64_sys_openat (/home/anders/src/kernel/next/fs/open.c:1326)
[ 2105.335573][ T154] el0_svc_common.constprop.0 (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:38 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:52 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:142)
[ 2105.339272][ T154] do_el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:197)
[ 2105.342025][ T154] el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:638)
[ 2105.344687][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:656)
[ 2105.348089][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
[ 2105.350998][ T154]
[ 2105.352567][ T154] read to 0xffff8000210b3fb8 of 8 bytes by task 154 on cpu 0:
[ 2105.357117][ T154] do_page_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:517 /home/anders/src/kernel/next/arch/arm64/mm/fault.c:558)
[ 2105.360110][ T154] do_translation_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:695)
[ 2105.363400][ T154] do_mem_abort (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:831)
[ 2105.366400][ T154] el0_ia (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:534)
[ 2105.369059][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
[ 2105.372445][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
[ 2105.375404][ T154]
[ 2105.376935][ T154] no locks held by systemd/154.
[ 2105.379935][ T154] irq event stamp: 385
[ 2105.382448][ T154] hardirqs last enabled at (385): local_daif_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/daifflags.h:71 (discriminator 1))
[ 2105.388413][ T154] hardirqs last disabled at (384): el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
[ 2105.394436][ T154] softirqs last enabled at (352): fpsimd_restore_current_state (/home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:264 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1780)
[ 2105.400932][ T154] softirqs last disabled at (350): fpsimd_restore_current_state (/home/anders/src/kernel/next/include/linux/bottom_half.h:20 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:242 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1773)
[ 2105.407394][ T154]
[ 2105.408909][ T154] value changed: 0x0000000060000000 -> 0x0000000060001000
[ 2105.413225][ T154]
[ 2105.414746][ T154] Reported by Kernel Concurrency Sanitizer on:
[ 2105.426169][ T154] Hardware name: linux,dummy-virt (DT)
[ 2105.429528][ T154] ==================================================================
The prctl case, which only gets called on 'current'. However, assuming
the kernel could be preempted while accessing current->pt_regs->pstate,
and then it races against the task switch.
Any idea what happens and how to fix it?
Cheers,
Anders
WARNING: multiple messages have this Message-ID (diff)
From: Anders Roxell <anders.roxell@linaro.org>
To: will@kernel.org, catalin.marinas@arm.com, mark.rutland@arm.com,
james.morse@arm.com, ebiederm@xmission.com, elver@google.com
Cc: linux-arm-kernel@lists.infradead.org,
linux-kernel@vger.kernel.org, arnd@arndb.de
Subject: BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
Date: Wed, 21 Dec 2022 15:54:36 +0100 [thread overview]
Message-ID: <20221221145436.GF69385@mutt> (raw)
Hey,
I'm building an allmodconfig kernel on yesterdays linux-next (tag:
next-20221220) and I see a
"BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation"
when I boot up in QEMU. I ran the output via
scripts/decode_stacktrace.sh and this is what I see:
[ 2105.261121][ T154] ==================================================================
[ 2105.266067][ T154] BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation
[ 2105.271577][ T154]
[ 2105.273121][ T154] write to 0xffff8000210b3fb8 of 8 bytes by task 136 on cpu 0:
[ 2105.277743][ T154] spectre_v4_enable_task_mitigation (/home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:651 /home/anders/src/kernel/next/arch/arm64/kernel/proton-pack.c:664)
[ 2105.281802][ T154] __switch_to (/home/anders/src/kernel/next/arch/arm64/kernel/process.c:459 /home/anders/src/kernel/next/arch/arm64/kernel/process.c:532)
[ 2105.284670][ T154] __schedule (/home/anders/src/kernel/next/kernel/sched/core.c:5247 /home/anders/src/kernel/next/kernel/sched/core.c:6555)
[ 2105.287555][ T154] preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:70 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:98 /home/anders/src/kernel/next/kernel/sched/core.c:6868)
[ 2105.290857][ T154] arm64_preempt_schedule_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:237)
[ 2105.294433][ T154] el1_interrupt (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:476 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:486)
[ 2105.297433][ T154] el1h_64_irq_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:492)
[ 2105.300718][ T154] el1h_64_irq (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:580)
[ 2105.303497][ T154] arch_local_irq_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/jump_label.h:21 /home/anders/src/kernel/next/arch/arm64/include/asm/irqflags.h:130)
[ 2105.306750][ T154] fs_reclaim_acquire (/home/anders/src/kernel/next/mm/page_alloc.c:4691)
[ 2105.310118][ T154] slab_pre_alloc_hook.constprop.0 (/home/anders/src/kernel/next/include/linux/sched/mm.h:272 /home/anders/src/kernel/next/mm/slab.h:720)
[ 2105.313966][ T154] slab_alloc_node.isra.0 (/home/anders/src/kernel/next/mm/slub.c:3434)
[ 2105.317343][ T154] __kmem_cache_alloc_lru (/home/anders/src/kernel/next/mm/slub.c:3469)
[ 2105.320659][ T154] kmem_cache_alloc (/home/anders/src/kernel/next/mm/slub.c:3477)
[ 2105.323673][ T154] getname_flags (/home/anders/src/kernel/next/fs/namei.c:139)
[ 2105.326703][ T154] getname (/home/anders/src/kernel/next/fs/namei.c:218)
[ 2105.329377][ T154] do_sys_openat2 (/home/anders/src/kernel/next/fs/open.c:1304)
[ 2105.332352][ T154] __arm64_sys_openat (/home/anders/src/kernel/next/fs/open.c:1326)
[ 2105.335573][ T154] el0_svc_common.constprop.0 (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:38 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:52 /home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:142)
[ 2105.339272][ T154] do_el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/syscall.c:197)
[ 2105.342025][ T154] el0_svc (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:638)
[ 2105.344687][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:656)
[ 2105.348089][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
[ 2105.350998][ T154]
[ 2105.352567][ T154] read to 0xffff8000210b3fb8 of 8 bytes by task 154 on cpu 0:
[ 2105.357117][ T154] do_page_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:517 /home/anders/src/kernel/next/arch/arm64/mm/fault.c:558)
[ 2105.360110][ T154] do_translation_fault (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:695)
[ 2105.363400][ T154] do_mem_abort (/home/anders/src/kernel/next/arch/arm64/mm/fault.c:831)
[ 2105.366400][ T154] el0_ia (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:133 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:142 /home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:534)
[ 2105.369059][ T154] el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
[ 2105.372445][ T154] el0t_64_sync (/home/anders/src/kernel/next/arch/arm64/kernel/entry.S:584)
[ 2105.375404][ T154]
[ 2105.376935][ T154] no locks held by systemd/154.
[ 2105.379935][ T154] irq event stamp: 385
[ 2105.382448][ T154] hardirqs last enabled at (385): local_daif_restore (/home/anders/src/kernel/next/arch/arm64/include/asm/daifflags.h:71 (discriminator 1))
[ 2105.388413][ T154] hardirqs last disabled at (384): el0t_64_sync_handler (/home/anders/src/kernel/next/arch/arm64/kernel/entry-common.c:662)
[ 2105.394436][ T154] softirqs last enabled at (352): fpsimd_restore_current_state (/home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:264 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1780)
[ 2105.400932][ T154] softirqs last disabled at (350): fpsimd_restore_current_state (/home/anders/src/kernel/next/include/linux/bottom_half.h:20 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:242 /home/anders/src/kernel/next/arch/arm64/kernel/fpsimd.c:1773)
[ 2105.407394][ T154]
[ 2105.408909][ T154] value changed: 0x0000000060000000 -> 0x0000000060001000
[ 2105.413225][ T154]
[ 2105.414746][ T154] Reported by Kernel Concurrency Sanitizer on:
[ 2105.426169][ T154] Hardware name: linux,dummy-virt (DT)
[ 2105.429528][ T154] ==================================================================
The prctl case, which only gets called on 'current'. However, assuming
the kernel could be preempted while accessing current->pt_regs->pstate,
and then it races against the task switch.
Any idea what happens and how to fix it?
Cheers,
Anders
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
next reply other threads:[~2022-12-21 14:54 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-21 14:54 Anders Roxell [this message]
2022-12-21 14:54 ` BUG: KCSAN: data-race in do_page_fault / spectre_v4_enable_task_mitigation Anders Roxell
2023-01-06 17:38 ` Will Deacon
2023-01-06 17:38 ` Will Deacon
-- strict thread matches above, loose matches on Subject: below --
2022-12-15 7:32 Naresh Kamboju
2022-12-15 8:32 ` Marco Elver
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221221145436.GF69385@mutt \
--to=anders.roxell@linaro.org \
--cc=arnd@arndb.de \
--cc=catalin.marinas@arm.com \
--cc=ebiederm@xmission.com \
--cc=elver@google.com \
--cc=james.morse@arm.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=will@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.